McAfee Chides Microsoft Over Vista Security PoliciesBy Matt Hines | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
The security software maker contends that Microsoft directly rebuffed efforts to establish common ground over which third party tools interface with Vista.
Officials at security specialist McAfee said that Microsoft has flatly rejected a series of proposals meant to help ease integration between third-party software applications and the company's next-generation Windows Vista operating system.
High-ranking officials with McAfee, a provider of security applications and longtime partner of Microsoft's, said that the software giant refused its suggestions for altering the manner in which aftermarket security tools are allowed to interact with the Vista OS, which is expected to arrive on the market as early as November 2006.
At the heart of the issue are two technological innovations being built into Vista by Microsoft that McAfee and other firms including anti-virus market leader Symantec contend will make their security software products less effective.
The complaints have been specifically aimed at new methods being employed by Microsoft to better lock down its upcoming OS from outside attacks, and arrive at a time when the software giant is also aggressively moving into the lucrative security applications arena.
One of the technologies, Microsoft's PatchGuard system, which is designed to block access to the software kernel in 64-bit versions of Vista, will keep applications such as behavior monitoring and intrusion prevention systems from functioning as effectively as in the past, according to McAfee.
The other tool, dubbed Windows Security Center and meant to inform users when their PCs' security applications are not functioning properly, will provide consumers with a false sense of protection and steer users away from third-party security applications, McAfee said.
Frustrated by its belief that PatchGuard and Windows Security Center will limit the efficiency and exposure of their company's products, McAfee officials said they approached Microsoft, of Redmond, Wash., with two separate proposals offering alternative methods of protecting the Vista kernel and providing desktop security information to users, respectively.
Those proposals were flatly rebuffed by Microsoft, leaving McAfee with no choice but to take its complaints public, company officials said.
"We proposed two solutions to the fundamental impediments we believe to exist in Microsoft's attempt to protect the operating system and they have rejected these proposals summarily," said George Heron, chief scientist with McAfee, based in Santa Clara, Calif.
"We provided Microsoft with alternative ways in which we would be able to interface with their operating systems in the same manner that we have for years and those suggestions have been denied."
Heron contends that Microsoft has failed to deliver on its promise to provide partners with sufficient engineering methods to allow their products to work properly with Vista.
While Microsoft has promised to deliver so-called software keys to third-party applications vendors that would allow them to interface more effectively with Vista, the company has not delivered on that pledge, the executive said.
As a result, McAfee believes that customers will not be able to protect their Vista systems from malware and other types of IT attacks with the same success that they have enjoyed while using aftermarket security products with existing versions of Windows.
Despite Microsoft's defense that it is employing the more restrictive security measures in Vista to protect the interests of users, the company's current methods will leave people with fewer options for defending themselves, according to Heron.
Next Page: Microsoft's response.
"A fundamental issue in providing security for the Vista OS is the need for the industry to have unfettered access to the software to provide comprehensive security, and we haven't received the keys Microsoft said we would have to do this," Heron said.
"It appears as if Microsoft is not only trying to lock out the bad guys, but also the good guys, the very people who have provided protection for the OS software Microsoft has built over the years."
In response to McAfee's claims over having its latest Vista engineering proposals denied, Microsoft officials said that they have been working with the company for over two years to find alternative product integration methods.
As with all of the firm's developer partners, said Adrien Robinson, director of Microsoft's Security Technology Unit, the company has made every effort to balance the concerns of its partner with its work to create a more secure OS for its customers.
As evidenced by some of the changes Microsoft has made in beta versions of Vista, Robinson said, the software maker has taken feedback from its partners to heart and has already used the information to improve the available beta versions of the OS.
Among the alterations Microsoft has already made to that end include its decision to allow third-party software makers to turn off its new Windows Defender technology, which aims to protect users from spyware and adware programs, she said, along with adding security companies' corporate logos to Windows Security Center and making Vista's malware remediation process more interoperable with other companies' products.
"We absolutely have considered all feedback, and the more formalized requests, and have had engineering teams between McAfee and Microsoft working together to improve Vista for over two years," Robinson said.
"The two areas highlighted by McAfee represent instances where decisions have been made based on our goal of balancing the interests of customers and our partners alike, and creating the most secure operating system for our customers as possible."
On the topic of software development keys, Robinson said Microsoft has supplied its partners with tools it feels are effective in balancing access for third-party developers with improved security for users.
Microsoft recognizes that losing access to the 64-bit Vista kernel will force McAfee and others to rethink how their technologies interface with the OS, but that work will be necessary to create the most secure computing environment for customers, she said.
"We're trying to be as responsive as we can be in addressing the concerns of our partners, while balancing the security interests of our customers," Robinson said.
"We really want the security industry to evolve its products, and in the case of PatchGuard use technologies that are more supportive of protecting the kernel, to ensure that we can provide customers with the most secure OS possible when Vista is released."
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.